I love the anti-spam tools in xenForo and I really appreciate that the team continues to develop new tools and features to help us combat spam.

I've been trying to find the perfect settings in "Spam Management" to keep out the most spammers while not blocking any legit members and have a few questions.

These questions are even more relevant now that 1.3 allows us to see the specific spam log matched username, email, and IP for each users in "Users Awaiting Approval" screen for example:

Here are my current settings:Here are my questions:

I don't understand how "flags" relate to the numbers in my screenshot above for "username, email, and IP". What's the correlation between "flags" and "matches"?

In my example above, the user is pretty obviously a spammer! It looks like their username showed up 3 times, their email address 255 times, and their IP 10 times in the StopForumSpam database. Which of these numbers trigger which flags and the events of blocking or not blocking a spammer?

What do y'all have in your spam management settings for the variables above, like flags detected for moderate vs. reject, and X days, and X times?

Each type of check is a flag. A flag only "counts" if it's been recorded enough times (the last option) and if the "last seen" report is recent (second to last option). Based on the number of "counted" flags, an action will be taken.

In this case, username won't be counted as it hasn't been seen enough; the IP and the email should be counted. As such, 2 flags are detected, which meets your moderation threshold.

Ah, brilliant! Thanks Mike, that really helps clarify the relationship between flags and the #s that trigger them!

I'm curious what other XF forum owners are finding as the best settings to stop spammers while letting the legitimate users in. Personally I'd rather have zero false-positives and a handful of spammers than no spammers and a few false-positives.

With my new knowledge of how things work I'm wondering if I should change to the following:

Ah, brilliant! Thanks Mike, that really helps clarify the relationship between flags and the #s that trigger them!

I'm curious what other XF forum owners are finding as the best settings to stop spammers while letting the legitimate users in. Personally I'd rather have zero false-positives and a handful of spammers than no spammers and a few false-positives.

With my new knowledge of how things work I'm wondering if I should change to the following:

Moderate registrations when this many warning flags are detected: 1

Reject registrations when this many warning flags are detected: 2

Only count flags recorded within the last X days: 365

Only count flags recorded at least this many times: 5

Any other ideas / suggestions on optimal settings for these?

Click to expand...

Did you ever land on your settings? We're considering changing "Reject registrations when this many warning flags are detected" from 3 to 2 and I'd like to hear how this is working for you.

There's a lot more granular control with that and I've been tweaking it for each of my sites to find the sweet spot between blocking the bad people while letting the good ones in.

I weight heavily against certain countries and also if the StopForumSpam email has been detected in the past. For example, if someone registering has both an IP in China AND also has an email address listed with StopForumSpam, they are automatically rejected, but if they just have one of those they may just trigger for moderator review.

You may leave default XF settings on, which may override my addon's result. So if XF says "reject", but my mod says only "moderate", then reject will be used (always the stronger measure). This means you may lose some more fine grained control. I've run with XF's protection disabled for months and never seen any issues from doing so.